The PAC report found the Department of Health and Social Care (DHSC) and NHS bodies had been “unprepared” for the global WannaCry attack, which happened in May and affected more than 200,000 computers in at least 100 countries.

‘Serious vulnerabilities’

A total of 80 of 236 NHS trusts across England suffered disruption, as well as another 603 NHS organisations, including 595 GP practices.

MPs said the attack could have been “much worse” and the NHS had been “lucky” the threat had been tackled quickly.

But they warned future attacks could be more sophisticated and malicious, “resulting in the theft or compromise of patient data”.

In February, the DHSC, NHS England and NHS Improvement published a set of 22 “lessons learned” recommendations following the cyber-attack.

But months later the DHSC still did not know what the proposals would cost or when they would be implemented, the committee said.

Meg Hillier, who chairs the PAC, said: “The extensive disruption caused by WannaCry laid bare serious vulnerabilities in the cyber-security and response plans of the NHS.

“But the impact on patients and the service more generally could have been far worse. And government must waste no time in preparing for future cyber-attacks – something it admits are now a fact of life.

“It is therefore alarming that, nearly a year on from WannaCry, plans to implement the lessons learned are still to be agreed.”


The report said cyber-attacks were “weapons” that needed to be treated as a “serious, critical threat”.

The report said: “A cyber-attack is a weapon which can have a huge impact on safety and security.

“It needs to be treated as a serious, critical threat.

“The rest of government could also learn important lessons from WannaCry.”

Among other recommendations, the committee called on the DHSC and NHS bodies to urgently agree on and implement cyber-security plans and provide an update on their progress to the committee in June.

A Department of Health and Social Care spokesman said: “Every part of the NHS must be clear that it has learned the lessons of WannaCry.

“The health service has improved its cyber-security since the attack, but there is more work to do to protect data and patient care.

“We have supported that work by investing over £60m to address key cyber-security weaknesses – and plan to spend a further £150m over the next two years to improve resilience, including setting up a new National Secure Operations Centre to boost our ability to prevent, detect and respond to incidents.”
